Updated poppler packages fix security vulnerabilities
Publication date: 06 Sep 2019Modification date: 06 Sep 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-9631 , CVE-2019-9903 , CVE-2019-10018 , CVE-2019-10021 , CVE-2019-10023 , CVE-2019-10872 , CVE-2019-12293 , CVE-2019-14494
Description
Updated poppler packages fix security vulnerabilities Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. (CVE-2019-9631) PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. (CVE-2019-9903) An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. (CVE-2019-10018) An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. (CVE-2019-10021) An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. (CVE-2019-10023) An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. (CVE-2019-10872) In Poppler through 0.76.1, there is a heap-based buffer over-read in JPXStream::init in JPEG2000Stream.cc via data with inconsistent heights or widths. (CVE-2019-12293) An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. (CVE-2019-14494)
References
- https://bugs.mageia.org/show_bug.cgi?id=25233
- https://access.redhat.com/errata/RHSA-2019:2022
- https://usn.ubuntu.com/4042-1/
- https://usn.ubuntu.com/4091-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9631
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9903
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10018
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10021
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10023
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10872
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12293
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14494
SRPMS
6/core
- poppler-0.52.0-3.13.mga6